Control of usage of contents in digital broadcasts

ABSTRACT

A method of transmitting a content to a reception side includes the steps of encrypting the content by use of a scramble key that varies with time, encrypting scramble-key-associated information that includes at least the scramble key and usage-control information, the usage-control information indicative of usage of the content on the reception side, and transmitting the encrypted content and the encrypted scramble-key-associated information to the reception side.

TECHNICAL FIELD

[0001] The present invention generally relates to the control ofinformation, and particularly relates to the control of use of contentsin digital broadcasts.

BACKGROUND ART

[0002] In recent years, proposals have been made with regard to services(for watching or listing to contents) that allow digital contents ofdigital broadcasts to be stored for subsequent use (playing, editing,and so on) at a receiver end, by use of a large-volume storage devicesuch as a hard-drive that allows random access. Such services will berealized by storing contents in a randomly accessible storage device,thereby allowing a scene of a particular content (i.e., a scene of auser-requested content) to be played on a random-access basis.

[0003] Contents of digital broadcasts include metadata corresponding toeach scene. The metadata refers to information about contents, and istypically comprised of intra-program indexes equivalent to the headingsof scenes in a given program. Contents having metadata attached theretoare transmitted from the transmission side, and the metadata is thenutilized on the reception side for content search (i.e., search forparticular scenes in the contents).

[0004] While the services that are realized based on the contents storedin randomly accessible storage devices offer great convenience toviewers/listeners (hereinafter referred to simply as viewers) at thereceiving end, broadcasting stations (i.e., content providers) on thetransmission side may have to tolerate the use of contents in the mannerthat have never been intended (i.e., the illegal use of contents). Forexample, part of the contents such as commercials may be skipped(erased) on purpose for the convenience of viewers. In other examples,metadata attached to the contents on the transmission side may betampered by viewers with malicious intent on the receiver side, or maybe changed to another metadata for the purpose of using contents (i.e.,unauthorized use of the contents).

[0005] In order to prevent such illegal use of contents, control signalsthat prohibit the skipping of scenes and/or commercials in contents maybe transmitted from the transmission side by multiplexing such controlsignals with the contents. On the reception side, the receiver iscontrolled to operate according to the received control signals so as tolet the viewers to watch the contents.

[0006] Such measure to prevent the illegal use of contents is based uponthe control of the receiver device according to the control signalsmultiplexed on the transmission side. The receiver, however, may berigged, or may be a product manufactured specifically for the purpose ofillegal use. In such a case, the control signals multiplexed on thetransmission side may not function as originally intended.

[0007] Accordingly, there is a need for a transmission/reception schemethat can prevent the illegal use of contents even when the receiver isrigged, or is a product specifically made for illegal use.

DISCLOSURE OF INVENTION

[0008] It is a general object of the present invention to provide atransmission/reception scheme that substantially obviates one or more ofthe problems caused by the limitations and disadvantages of the relatedart.

[0009] Features and advantages of the present invention will be setforth in the description which follows, and in part will become apparentfrom the description and the accompanying drawings, or may be learned bypractice of the invention according to the teachings provided in thedescription. Objects as well as other features and advantages of thepresent invention will be realized and attained by atransmission/reception scheme particularly pointed out in thespecification in such full, clear, concise, and exact terms as to enablea person having ordinary skill in the art to practice the invention.

[0010] To achieve these and other advantages and in accordance with thepurpose of the invention, as embodied and broadly described herein, theinvention provides a method of transmitting a content to a receptionside. The method includes the steps of encrypting the content by use ofa scramble key that varies with time, encrypting scramble-key-associatedinformation that includes at least the scramble key and usage-controlinformation, the usage-control information indicative of usage of thecontent on the reception side, and transmitting the encrypted contentand the encrypted scramble-key-associated information to the receptionside.

[0011] Further, the invention provides a method of decrypting anencrypted content received from a transmission side. The method includesthe steps of receiving the encrypted content and encryptedscramble-key-associated information from the transmission side, saidencrypted content being encrypted by use of a scramble key that varieswith time, decrypting the encrypted scramble-key-associated informationto obtain scramble-key-associated information that includes the scramblekey and usage-control information, and decrypting the encrypted contentby use of the scramble key if said usage-control information permits thedecryption of the encrypted content.

[0012] Moreover, an apparatus for transmitting a content to a receptionside and an apparatus for decrypting an encrypted content received froma transmission side are also provided in accordance with the invention.These apparatuses correspond to the methods described above.

[0013] According to the invention as described above, thescramble-key-associated information includes both the scramble key andthe usage-control information. Even if an apparatus or devices on thereception side are rigged, or are manufactured for the purposes ofillegal use, ignoring the scramble-key-associated information toinvalidate the usage-control information will result in a failure toobtain the scramble key. Further, since the scramble-key-associatedinformation is encrypted, it may be impossible to remove only theusage-control information from the scramble-key-associated information.This prevents the illegal use of contents.

[0014] Further, according to another aspect of the invention, anapparatus for decrypting an encrypted content received from atransmission side includes a receiving unit which receives the encryptedcontent and encrypted scramble-key-associated information from thetransmission side, said encrypted content being encrypted by use of ascramble key that varies with time, said encryptedscramble-key-associated information including the scramble key andusage-control information that are encrypted, a content descramble unitwhich decrypts the encrypted content by use of the scramble key if saidusage-control information permits the decryption of the encryptedcontent, and an interface unit which is configured to be connected to adecryption unit, which decrypts the encrypted scramble-key-associatedinformation to obtain the scramble key and usage-control information.

[0015] The apparatus as described above is provided as being separatefrom the decryption unit which decrypts the encryptedscramble-key-associated information. Rigging of this apparatus or makingof this apparatus for the purposes of illegal use does not succeed incircumventing the usage-control information. This is because thescramble-key-associated information including both the scramble key andthe usage-control information is decrypted in the tamper-resistantmodule rather than in this apparatus.

[0016] Moreover, according to another aspect of the invention, anapparatus for decrypting a scramble key, which is configured to beconnected to a content receiver for receiving an encrypted content froma transmission side and for decrypting the encrypted content by use ofthe scramble key, said apparatus includes a decryption unit whichreceives encrypted scramble-key-associated information from the contentreceiver, and decrypts the encrypted scramble-key-associated informationto obtain scramble-key-associated information that includes the scramblekey and usage-control information, and a transmission unit whichtransmits the scramble key to the content receiver only if saidusage-control information permits the decryption of the encryptedcontent.

[0017] The apparatus as described above is provided as being separatefrom the content receiver which decrypts the encrypted content. Riggingof the content receiver or making of the content receiver for thepurposes of illegal use does not succeed in circumventing theusage-control information. This is because the scramble-key-associatedinformation including both the scramble key and the usage-controlinformation is decrypted in the apparatus as described above rather thanin the content receiver.

[0018] Other objects and further features of the present invention willbe apparent from the following detailed description when read inconjunction with the accompanying drawings.

BRIEF DESCRIPTION OF DRAWINGS

[0019]FIG. 1 is a block diagram showing a system for controlling the useof contents;

[0020]FIGS. 2A through 2C are illustrative drawings showing an exampleof a file format when a file is transmitted from a content-usage-controltransmission apparatus;

[0021]FIG. 3 is a block diagram showing a content-usage-controlreception apparatus and a security module;

[0022]FIG. 4 is an illustrative drawing showing a scramble key, acontent key, and a stream that is input into the content-usage-controlreception apparatus;

[0023]FIG. 5 is an illustrative drawing showing an example in which acontent can be played irrespective of the play-sequence numbers;

[0024]FIG. 6 is a sequence chart showing an operation that is performedwhen contents stored in the memory of the content-usage-controlreception apparatus are subjected to watching/listening control;

[0025]FIG. 7 is a sequence chart showing an operation that is performedwhen contents stored in the memory of the content-usage-controlreception apparatus are subjected to watching/listening control; and

[0026]FIG. 8 is a sequence chart showing an operation that is performedwhen contents being received at the content-usage-control receptionapparatus are subjected to watching/listening control in real-time.

MODES FOR CARRYING OUT THE INVENTION

[0027] In the following, embodiments of the present invention will bedescribed with reference to the accompanying drawings.

System for Controlling Use of Contents Transmission Apparatus andReception Apparatus

[0028]FIG. 1 is a block diagram showing a system for controlling the useof contents. As shown in FIG. 1, a content-usage-control system 1includes a content-usage-control transmission apparatus 3 and acontent-usage-control reception apparatus 5.

[0029] The content-use-control system 1 encrypts contents of digitalbroadcasts, and transmits the encrypted contents together withusage-control information that controls (restricts) the use (playing,editing, etc.) of the encrypted contents on the reception side. Withthis provision, the system controls the use of contents at the receiverend.

Construction of Content-Usage-Control Transmission Apparatus

[0030] In what follows, the content-usage-control transmission apparatus3 will be described.

[0031] The content-usage-control transmission apparatus 3 includes acontent scramble unit 7, a multiplexing unit 9, and a memory unit 11.The content scramble unit 7 is regarded as including encryption units 7a through 7 d.

[0032] The content-usage-control transmission apparatus 3 encryptscontents comprised of video and audio data, and transmits the encryptedcontents to the content-usage-control reception apparatus 5 on thereceiver side. In this encryption process, master keys shared with thereceiver side are used (i.e., symmetric cryptography).

[0033] The content scramble unit 7 (encryption unit 7 a) uses a scramblekey Ks generated by a scramble key generation unit (not shown) toencrypt contents to be transmitted, thereby generating encryptedcontents. By use of a content key Kc stored in the memory unit 11, thecontent scramble unit 7 (encryption unit 7 b) encrypts associatedinformation that includes at least the scramble key Ks and aplay-sequence number (part of the usage-control information), therebygenerating encrypted associated information. Here, the encryptedscramble key Ks is packetized by use of the section format of the MPEG-2systems (ISO/IEC13818-1). As an example of this packetizing, theEntitlement Control Message format described in the ARIB (Association ofRadio Industries and Businesses) standard “STD-B25” may be used.Alternately, any method similar to this standard may be used forpacketizing and transmission.

[0034] The content scramble unit 7 (encryption unit 7 c) uses a work keyKw stored in the memory unit 11, and encrypts content-key-associatedinformation that includes at least the content key Kc and awatching/listening-control flag (part of the usage-control information),thereby generating encrypted content-key-associated information. Byusing a master key Km stored in the memory unit 11, the content scrambleunit 7 (encryption unit 7d) encrypts work-key-associated informationthat includes at least the work key Kw, thereby generating encryptedwork-key-associated information.

[0035] When contents are watched at the content-usage-control receptionapparatus 5 in real-time, the transmission of the content key Kc isstarted a predetermined time prior to the transmission of contents, andis repeated at predetermined intervals during the transmission ofcontents. After the transmission of contents comes to an end, thetransmission of the content key Kc is terminated. When contents that arewatched are played from the stored contents following the storing of thecontents in memory at the content-usage-control reception apparatus 5,the scrambled contents (encrypted contents) are stored in memory, andthe relevant content key Kc is transmitted when authorizing the watchingof the contents (authorization is controlled by the transmission side).

[0036] As described above, the encryption unit 7 a serves as an contentencryption unit, the encryption unit 7 b as an associated informationencryption unit, the encryption unit 7 c as a content-key-associatedinformation encryption unit, and the encryption unit 7 d as awork-key-associated information encryption unit.

[0037] The multiplexing unit 9 multiplexes the encrypted contents, theencrypted associated information, the encrypted content-key-associatedinformation, and the encrypted work-key-associated information togetherinto a transport stream, thereby generating multiplexed encryptedcontents, which are then transmitted to the reception side. That is, themultiplexing unit 9 serves as a transmission unit as well as amultiplexing unit.

[0038] The memory unit 11 stores therein the content key Kc, the workkey Kw, and the master key Km. These keys are stored by use of acontent-key-Kc database, a work-key-Kw database, and a master-key-Kmdatabase.

[0039] An additional description of the keys and the usage-controlinformation will be appreciated if it is given here. The scramble key Ksis an encryption key that is changed with time (e.g., once in fewseconds). The content key Kc is set on a content-specific basis. Thework key Kw is kept longer than the play time of contents. The masterkey Km is also provided in the content-usage-control reception apparatus5 (in a security module to be exact, as will be described), and isshared between the transmission side and the reception side. The masterkey Km is unique to each content-usage-control reception apparatus 5.The master key Km is stored in security modules in advance, and isdistributed to the reception side as part of the content-usage-controlreception apparatus 5.

[0040] The watching/listening control flag (watching/listening controlinformation) is used to control the watching/listening of contentsthrough the on/off state thereof. When the flag is on, thewatching/listening of contents is controlled according to theplay-sequence number after the contents are decrypted on the receptionside. When the flag is off, the watching/listening of contents isimmediately authorized by decrypting the encrypted scramble key. Theplay-sequence number (play-sequence control information) is used tocontrol the order in which the contents are watched/listened, the detailof which will be described later.

Construction of Content-Usage-Control Reception Apparatus

[0041] In what follows, the content-usage-control reception apparatus 5will be described.

[0042] The content-usage-control reception apparatus 5 includes ademultiplexing unit 13, a content descramble unit 15, and a memory unit17. The content descramble unit 15 is regarded as including decryptionunits 15 a through 15 d.

[0043] The content-usage-control reception apparatus 5 receives themultiplexed encrypted contents from the content-usage-controltransmission apparatus 3, and decrypts the multiplexed encryptedcontents according to the usage-control information (such as awatching/listening control flag and a play-sequence number) contained inthese contents. This makes the contents viewable by viewers.

[0044] The demultiplexing unit 13 receives the multiplexed encryptedcontents from the content-usage-control transmission apparatus 3, andseparates the received contents into the encrypted contents, theencrypted associated information, the encrypted content-key-associatedinformation, and the encrypted work-key-associated information.

[0045] The content descramble unit 15 includes the four decryption units15 a through 15 d, which decrypt the encrypted work-key-associatedinformation, the encrypted content-key-associated information, theencrypted associated information, and the encrypted contents,respectively, once they are obtained by the demultiplexing unit 13. Atthe start, the decryption unit 15 a decrypts the encryptedwork-key-associated information by use of the master key to produce awork key.

[0046] The decryption unit 15 b then decrypts the content-key-associatedinformation by use of the work key to produce a content key and awatching/listening control flag. According to the on/off state of thewatching/listening control flag, the decryption unit 15 c decrypts theencrypted associated information by use of the content key, therebygenerating only a scramble key or both the scramble key and aplay-sequence number.

[0047] In accordance with the play-sequence number, the decryption unit15 d (content descramble unit 15) decrypts the encrypted contents by useof the scramble key, thereby producing the contents.

[0048] The memory unit 17 includes a memory unit 17 a provided as afixed component of the content-usage-control reception apparatus 5, andfurther includes a record-device driver unit 17 b that reads/writesinformation from/to a removable record medium.

[0049] The content-usage-control reception apparatus 5 includes asecurity module SM1 (not shown in FIG. 1, but will be described later indetail). The security module SM1 includes the decryption units 15 athrough 15 c and the master key Km, and is constituted of an IC card orthe like that is not accessible from the exterior. The security moduleSM1 includes a memory unit N, which serves as a counter to store anumerical value corresponding to the play-sequence number (part of theusage-control information). The numerical value stored in the memoryunit N is initially set to “1”. Initialization of the numerical value to“1” is performed each time the content ID and the content key Kc arechanged in the content-key-associated information.

Sharing of Work Key Kw

[0050] In what follows, a description will be given with regard to acase in which the work key Kw needs to be shared between a plurality ofcontent-usage-control reception apparatuses 5. The content-usage-controltransmission apparatus 3 on the transmission side reads a master key Kmcorresponding to a given content-usage-control reception apparatus 5from the master-key-Km database provided in the memory unit 11. Thecontent-usage-control transmission apparatus 3 then uses the encryptionunit 7 d based on the symmetric cryptography to encrypt a work key Kw byuse of the master key Km. Associated information inclusive of theencrypted work key Kw is packatized in the session format of the MPEG-2systems (ISO/IEC13818-1), for example, and is multiplexed with theencrypted contents by the multiplexing unit 9 so as to generate atransport stream.

[0051] As an example of this packetizing, the EMM (EntitlementManagement Message) format described in the ARIB standard “STD-B25” maybe used. The content-usage-control reception apparatus 5 on thereception side uses the demultiplexing unit 13 to obtain EMM from thereceived MPEG-2 transport stream, and uses the decryption unit 15 a toproduce a work key Kw by use of the master key Km.

[0052] The operation described above is repeated with respect to eachcontent-usage-control reception apparatus 5, which makes it possible toshare the work keys Kw between the transmission side and the receptionside. The obtained work keys Kw are stored in the security modules SM.The work keys Kw shared between the content-usage-control receptionapparatuses 5 may be updated once in a month or a year, for example, soas to insure the security of the work keys Kw. These work keys Kw aretransmitted separately from contents by utilizing an available bandwidthof the broadcasting bandwidths.

Example of File Format

[0053] In what follows, FIGS. 2A through 2C are referred to, and adescription will be given with regard to an example of a file formatwhen a file is transmitted from the content-usage-control transmissionapparatus 3. The file format of a file transmitted from thecontent-usage-control transmission apparatus 3 includesscramble-key-associated information S (shared information S),content-key-associated information C (shared information C), andwork-key-associated information W (individual information W).

[0054] The scramble-key-associated information S (shared information S)is program information used in the transmission of a scramble key, andincludes a provider ID, a content ID, a scramble key Ks, a play-sequencenumber, etc. The provider ID is an identification assigned to eachbroadcast provider. The content ID is a unique identification assignedto each content based on predetermined rules such as a rule regardingwhether to allocate the same ID to an original program and a rerunprogram. The scramble key Ks is encrypted by using the content key Kccorresponding to the content ID. The play-sequence number defines anorder in which the contents are played on the reception side.

[0055] The content-key-associated information C (shared information C)is used to transmit the content key, and include a provider ID, a workkey ID, a content ID, a content key Kc, an expiration date, adesignation of a storage location, a watching/listening control flag,etc. The provider ID is an identification assigned to each broadcastprovider. The word key ID identifies a work key. The content ID is aunique identification assigned to each content. At least the content keyKc is encrypted by use of a work key corresponding to the work key ID.

[0056] The expiration date indicates the date until which the contentkey Kc is valid. The designation of a storage location is provided inadvance at the transmission side, and specifies the location in whichthe received content key is stored in the content-usage-controlreception apparatus 5. The watching/listening control flag controls thewatching/listening of a content according to the on/off state thereof.When the flag is on, the watching/listening of a content is controlledaccording to the play-sequence number after the encrypted scramble isdecrypted on the reception side.

[0057] The work-key-associated information W (individual information W)is individual information that is used to transmit a work key Kw, andincludes a provider ID, a card ID, an update number, an expiration date,a work key ID, a work key, etc. The provider ID is an identificationassigned to each broadcast provider or each group of broadcastproviders. The card ID is an identification assigned to each securitymodule SM. The update number is a number that indicates a version numberof the work key Kw. The expiration date indicates the date until whichthe work key Kw is valid. The work key Kw is encrypted by use of amaster key Km corresponding to the card ID.

Relationship between Reception Apparatus and Security Module

[0058] In what follows, a description will be given of the relationshipbetween the content-usage-control reception apparatus 5 and the securitymodule SM1 with reference to FIG. 3.

[0059] The content-usage-control reception apparatus 5 includes aKw·Kc-associated-information demultiplexing unit 13 a, a memory unit 17a, a Ks-associated-information demultiplexing unit 13 b, the contentdescramble unit 15, and an interface. The Kw·Kc-associated-informationdemultiplexing unit 13 a separates the associated information from thereceived stream (i.e., multiplexed encrypted contents) where theassociated information includes the work key Kw and the content key Kc.The memory unit 17 a stores therein the encrypted contents. TheKs-associated-information demultiplexing unit 13 b separtes theassociated information inclusive of the scramble key Ks. The contentdescramble unit 15 decrambles the contents. The interface providescommunication between the content-usage-control reception apparatus 5and the security module SM1.

[0060] The security module SM1 is provided with the master key Km, andincludes 4 decryption units (19 a through 19 d), an encryption unit 21,a transmission unit 23 for transmitting the scramble key Ks, atransmission control unit 25 for controlling the transmission unit 23,and a software switch S/W for controlling incoming information dependingon the prescribed condition. The number of incoming data for thesoftware switch S/W is two, and the switch is provided with two nodes a1and a2 that correspond in number to the number of incoming data. Thenode a1 is selected when the contents are to be watched/listened inreal-time, and the node a2 is selected when the contents are to beplayed for watching/listening from the stored contents.

[0061] The Kw·Kc-associated-information demultiplexing unit 13 aextracts encrypted work-key-associated information from the multiplexedencrypted contents. If the card ID included in the encryptedwork-key-associated information corresponds to the card ID of thesecurity module SM1 (which is an IC card in this example), the encryptedwork-key-associated information including the work key Kw, the work keyID, the update number, the expiration date, and the provider ID is inputinto the security module SM1. The security module SM1 uses thedecryption unit 19 a to decrypt the encrypted work key Kw by use of themaster key Km, producing the work key Kw. The work key Kw is kept in thesecurity module SM1 as an item corresponding to the provider ID, theupdate number, the expiration date, and the work key ID.

[0062] The Kw·Kc-associated-information demultiplexing unit 13 a furtherextracts encrypted content-key-associated information. The encryptedcontent-key-associated information including the work key ID, theencrypted content key Kc, the provider ID, the expiration date, and thecontent ID is input into the security module SM1. The security moduleSM1 uses the decryption unit 19 b to decrypt the encryptedcontent-key-associated information by use of the work key Kwcorresponding to the work key ID, producing the content key Kc.

Example of Playing of Encrypted Contents (Real-Time)

[0063] In the following, a description will be given of a case in whichthe received contents are watched/listened in real-time by use of thecontent-usage-control reception apparatus 5 and the security module SM1shown in FIG. 3. Since this is the case of real-time watching/listeningof contents, the software switch S/W of the security module SM1 ispreset to select the node a1.

[0064] An output of the Kw·Kc-associated-information demultiplexing unit13 a is supplied to the Ks-associated-information demultiplexing unit 13b. The Ks-associated-information demultiplexing unit 13 b extracts theassociated information S, and supplies the associated information Sinclusive of the content ID and the encrypted scramble key Ks to thesecurity module SM1. The security module SM1 uses the decryption unit 19d to decrypt the associated information 5 by use of the content key Kccorresponding to the content ID, thereby producing the scramble key Ksand the play-sequence number. The play-sequence number is then suppliedto the transmission control unit 25. In response, the transmissioncontrol unit 25 controls the transmission unit 23 according to theplay-sequence number, thereby sending the scramble key Ks obtained bythe decryption unit 19 d to the content-usage-control receptionapparatus 5. Having received the scramble key Ks, the content descrambleunit 15 of the content-usage-control reception apparatus 5 uses thescramble key Ks to decrypt the encrypted contents, thereby outputtingthe decrypted contents.

Example of Playing of Encrypted Contents (Stored Contents)

[0065] In the following, a description will be given of a case in whichcontents stored in the memory unit 17 a are watched/listened byutilizing the content-usage-control reception apparatus 5 and thesecurity module SM1. Since this is the case of watching/listening of thememory-stored contents, the software switch S/W of the security moduleSM1 is preset to select the node a2.

[0066] The encrypted contents as they are (without decryption), arestored in the memory unit 17 a together with the encrypted associatedinformation S (shared information S) including the encrypted scramblekey in such a manner to correspond to the content ID. TheKw·Kc-associated-information demultiplexing unit 13 a extracts theencrypted content-key-associated information (shared information C), andsupplies the encrypted content-key-associated information inclusive ofthe encrypted content key to the security module SM1. In the securitymodule SM1, the decryption unit 19 b decrypts the content key, and,then, the encryption unit 21 encrypts the decrypted content key. Thenewly encrypted content key Kc is supplied to the content-usage-controlreception apparatus 5, where it is stored in the memory unit 17 a as apaired item matching the encrypted contents.

[0067] When a content stored in the memory unit 17 a are to be played,the encrypted content key Kc corresponding to the content to be playedis retrieved from the memory unit 17 a for supply to the security moduleSM1. In the security module SM1, the decryption unit 19 c decrypts theencrypted content key Kc by use of the master key Km, thereby producingthe content key Kc. In the meantime, the retrieved content is suppliedto the Ks-associated-information demultiplexing unit 13 b. TheKs-associated-information demultiplexing unit 13 b extracts theencrypted associated information S, and supplies the encryptedassociated information S inclusive of the encrypted scramble key Ks tothe security module SM1.

[0068] The security module SM1 uses the decryption unit 19 d to decryptthe encrypted associated information inclusive of the encrypted scramblekey Ks by use of the content key Kc that is decrypted by the decryptionunit 19 c, thereby the scramble key Ks and the play-sequency numberbeing obtained. The play-sequence number is then supplied to thetransmission control unit 25. In response, the transmission control unit25 controls the transmission unit 23 according to the play-sequencenumber, thereby sending the scramble key Ks to the content-usage-controlreception apparatus 5. In the content-usage-control reception apparatus5, the content descramble unit 15 uses the received scramble key Ks todescramble the encrypted content, thereby outputting the decryptedcontent.

[0069] Maybe a storage device (not shown) is connected to thecontent-usage-control reception apparatus 5 via a home network or thelike. In such a case, a stream (part of the multiplexed encryptedcontents) is supplied to the storage device for storage therein via thehome network before the stream is supplied to theKs-associated-information demultiplexing unit 13 b.

[0070] A content key encrypted again by the master key Km is stored inthe storage device together with the encrypted contents and theencrypted associated information. At the time the encrypted contents areto be played, signals retrieved from the storage device (i.e., contentsignals still in the scrambled state) are supplied to theKs-associated-information demultiplexing unit 13 b of thecontent-usage-control reception apparatus 5 via the home network, andthe encrypted content key is passed from the content-usage-controlreception apparatus 5 to the security module SM1. The decryption unit 19c decrypts the encrypted content key, followed by the decryption unit 19d decrypting the scramble key Ks, which is then utilized to descramblethe contents.

Stream Input into Content-Usage-Control Reception Apparatus

[0071] With reference to FIG. 4, a description will now be given of therelationship between both the scramble key Ks and the content key Kc andthe stream (multiplexed encrypted contents: scenes of contents) that isinput into the content-usage-control reception apparatus 5. The caseunder consideration here is a case that contents are watched/listened inreal-time. In the following, a description will be given with regard toa case in which a content is divided in a time dimension into scene A,scene B, scene C, scene D, scene E, and so on. If the content is adrama, the scene A may be an opening, the scene B being a CM, the sceneC being a main story of the drama, the scene D being a CM, and the sceneE being an ending of the drama.

[0072] Scramble keys Ks11 through Ks5 n used for scrambling these scenesA through E together with play-sequence numbers are included in thescramble-key-associated information. During the scene A, the scramblekey is successively changed from the scramble key Ks11 to the scramblekey Ks1 n at an interval such as one second. The scramble keys Ks11through Ks1 n are given the same play-sequence number 1.

[0073] During the scene B, the scramble key is successively changed fromthe scramble key Ks21 to the scramble key Ks2 n at an interval such asone second. The scramble keys Ks21 through Ks2 n are given a pluralityof play-sequence numbers 2, 3, 4, and 5. During the scene C, thescramble key is successively changed from the scramble key Ks31 to thescramble key Ks3 n at an interval such as one second. The scramble keysKs31 through Ks3 n are given the same play-sequence number 6.

[0074] Further, during the scene D, the scramble key is successivelychanged from the scramble key Ks41 to the scramble key Ks4 n at aninterval such as one second. The scramble keys Ks41 through Ks4 n aregiven play-sequence numbers 7, 8, and 9. During the scene E, thescramble key is successively changed from the scramble key Ks51 to thescramble key Ks5 n at an interval such as one second. The scramble keysKs51 through Ks5 n are given the same play-sequence number 10.

[0075] The multiplexed encrypted contents include thecontent-key-associated information C1 (encrypted), which includes thecontent key Kc and the watching/listening control flag (which is on).The content key Kc is the same with respect to all the scenes A throughD. If the watching/listening control flag is on, the scramble key Ks issupplied to the content-usage-control reception apparatus 5 according tothe play-sequence number. If the watching/listening control flag is off,the scramble key Ks is supplied to the content-usage-control receptionapparatus 5 irrespective of the play-sequence number.

Example 1 of Watching/Listening Control of Contents

[0076] With reference to FIG. 3 and FIG. 4, a description will be givenof the watching/listening control of a content (scenes A through E)according to play-sequence numbers attached to the content.

[0077] The transmission control unit 25 of the security module SM1compares the play-sequence number of the scramble key Ks being currentlydecrypted with the play-sequence number of the next scramble key Ks. Ifthese play-sequence numbers are identical, or if the play-sequencenumber of the next scramble key Ks is equal to the play-sequence numberof the currently decrypted scramble key Ks plus one, the transmissioncontrol unit 25 controls the transmission unit 23 to send the decryptedscramble key Ks to the content-usage-control reception apparatus 5.

[0078] Otherwise, the transmission control unit 25 controls thetransmission unit 23 to send an error message (error signal) to thecontent-usage-control reception apparatus 5, indicating that there arerestrictions imposed on the play sequence. When the scramble key Ks issent from security module SM1 to the content-usage-control receptionapparatus 5, the content descramble unit 15 descrambles the encryptedcontent as in an example A shown in FIG. 4, thereby allowing thewatching/listening of the content.

[0079] In what follows, a description will be given with regard to acase in which the content is stored in the memory unit 17, and in whicha partial scene A1 of the scene A, a partial scene C1 of the scene C,and a partial scene E1 of the scene E are successively played as shownin an example A1 of FIG. 4.

[0080] In such a case, the play-sequence number is 1 for the scene A1,so that the transmission control unit 25 sends the scramble key Ks (oneof Ks11 through Ks1 n) from the transmission unit 23 to thecontent-usage-control reception apparatus 5. Based on the receivedscramble key Ks, the content-usage-control reception apparatus 5descrambles the content (scene A1).

[0081] Since the scene C1 corresponds to the play-sequence number 6 thatis not the next following play-sequence number, the transmission controlunit 25 does not send the scramble key Ks (one of Ks31 through Ks3 n)from the transmission unit 23 to the content-usage-control receptionapparatus 5. Because of this, the scene B having the next followingplay-sequence numbers 2, 3, 4, and 5 needs to be descrambled before thescene C1 is descrambled. By the sake token, the scene E1 cannot bedescrambled unless the scene D having the play-sequence numbers 7, 8,and 9 is descrambled first.

[0082] Namely, a play-sequence number for playing the scene C is unknownwhen an attempt is made to play the scene C immediately following thescene A in the content-usage-control reception apparatus 5. In order toobtain the play-sequence number, the scene B needs to be played first.This prevents the skipping the scene B that is a CM whenwatching/listening the contents. That is, the watching/listening ofcontents by users at the content-usage-control reception apparatus 5 canbe controlled on the transmission side.

Example 2 of Watching/Listening Control of Contents

[0083] A supplemental explanation will now be provided with regard tothe usage of play-sequence numbers included in thescramble-key-associated information. IF the content (scene A through E)is a drama, for example, the scenes A through D may be given the sameplay-sequence number 1, and the scene E (corresponding to the climax ofthe drama) may be given play-sequence numbers 2, 3, 4, 5, and 6 that areprogressively increased at an interval such as a few seconds. Thisallows users to freely watch/listen the scenes A through D at thecontent-usage-control reception apparatus 5, but prevents the scene E tobe played out of turn for watcing/listening.

[0084] Alternatively, the scenes of interviews of actors and actressesappearing in the drama may be included in the scene E, andwatching/listening control is implemented to insure that only the usershaving watched all the scenes A through D can watch the scene E. Namely,the scene E (the end of the content) may be arranged such as to includethe most desired scene for the viewers, thereby encouraging the viewersto watch the preceding scenes A through D inclusive of commercials.

Example 3 of Watching/Listening Control of Contents

[0085] If the watching/listening control flag contained in thecontent-key-associated information is off, the content can be playedirrespective of the play-sequence numbers as shown in an example B1shown in FIG. 5. Namely, successive playing of the partial scene A1 ofthe scene A, the partial scene C1 of the scene C, and the partial sceneE1 of the scene E can be performed, rather than having to play theentire sequence of the scenes A through E as shown in the example B.

[0086] When the broadcast is directed to a content that is free ofcharge, the watching/listening control flag included in thecontent-key-associated information may be set to “on”, letting userswatch/listen the content at the content-usage-control receptionapparatus 5 by use of the content key Kc. In this case, the users cannotskip commercials or the like contained in the content. If a user wishesto skip the commercials or the like during the watching/listening of thecontent, the user may sign a contract on line or the like to pay a feeto the broadcast provider running the content-usage-control transmissionapparatus 3. Upon such contract, the content-usage-control transmissionapparatus 3 transmits the content key Kc (content-key-associatedinformation) having the watching/listening control flag set to “off” viathe communication channel. Having obtained the content key Kc with thewatching/listening control flag thereof turned off, the user can enjoythis content (but not other contents) without any watching/listeningrestriction.

[0087] In this manner, the way a content is watched/listened as intendedby the provider (e.g., through usage control that prevents the skippingof commercials) can be forced upon users on the receiver side even whenbroadcasts are free of charge.

Example 4 of Watching/Listening Control of Contents

[0088] The broadcast provider who transmits contents from thetransmission side may prepare a plurality of work keys Kw (Kw1, Kw2, andso on) in advance. These work keys are stored as entries of the work-keydatabase in the memory unit 11 of the content-usage-control transmissionapparatus 3. The broadcast provider provides the work key Kw1 to a userof the content-usage-control reception apparatus 5 that receivescontents for free of charge, and provides the work key Kw2 to a user ofthe content-usage-control reception apparatus 5 that receives contentsby paying prescribed fees to the broadcast provider. These work keys arestored in security modules SM1, which are then distributed to the users.

[0089] At the time of transmission of contents (multiplexed encryptedcontents) from the content-usage-control transmission apparatus 3, thecontent-key-associated information encrypted by use of the work key Kw1with the watching/listening control flag being “on” is also transmittedtogether with the content-key-associated information encrypted by use ofthe work key Kw2 with the watching/listening control flag being “off”.In this manner, watching/listening control can be conducted inaccordance with the type of user contracts.

[0090] In the examples of watching/listening control of a content asshown in FIG. 4 and FIG. 5, the play-sequence number is increased one byone. Alternatively, the scenes A through D may be provided with the sameplay-sequence numbers as shown in FIG. 4 and FIG. 5, but the scene E maybe given a play-sequence number 20. In this case, the scene E cannot bewatched by use of the content key Kc sent from the transmission side ifthe content-key-associated information includes the watching/listeningcontrol flag that is “on”. If the user wishes to watch the scene E, theuser may sign a contract on line or the like to pay a fee to thebroadcast provider running the content-usage-control transmissionapparatus 3. Upon such contract, the content-usage-control transmissionapparatus 3 transmits the content key Kc (content-key-associatedinformation) having the watching/listening control flag set to “off” viathe communication channel.

Operation 1 of Content-Usage-Control Reception Apparatus

[0091] With reference to FIG. 6, a description will be given of theoperation that is performed when the contents stored in the memory unit17 of the content-usage-control reception apparatus 5 are subjected towatching/listening control. The sequence chart of FIG. 6 is directed toa case in which contents are stored as files in the memory unit 17, andare played from the beginning thereof.

[0092] The demultiplexing unit 13 of the content-usage-control receptionapparatus 5 separates the encrypted content-key-associated information(including the content key Kc) from the multiplexed encrypted contents(SI). The encrypted content-key-associated information is then sent tothe security module SM1. Having received the encryptedcontent-key-associated information, the security module SM1 decrypts thecontent key Kc and the watching/listening control flag contained in theencrypted content-key-associated information (S2).

[0093] A check is made as to whether the decrypted watching/listeningcontrol flag is “on” (S3). If a check finds that the decryptedwatching/listening control flag is “off”, the encrypted associatedinformation separated from the multiplexed encrypted contents issupplied from the content-usage-control reception apparatus 5 to thesecurity module SM1 (S4). Having received the encrypted associatedinformation, the security module SM1 decrypts the encrypted scramble keyKs contained in the encrypted associated information (S5), and suppliesthe decrypted scramble key Ks to the content-usage-control receptionapparatus 5 (S6). Having received the scramble key Ks, thecontent-usage-control reception apparatus 5 uses the content descrambleunit 15 to decrypt the encrypted contents (S7).

[0094] If S3 finds that the decrypted watching/listening control flag is“on”, the encrypted associated information (inclusive of the scramblekey Ks and the play-sequence number) separated from the multiplexedencrypted contents is supplied from the content-usage-control receptionapparatus 5 to the security module SM1 (S8). Having received theencrypted associated information, the security module SM1 decrypts theencrypted scramble key Ks and the play-sequence number contained in theencrypted associated information (S9).

[0095] The decrypted play-sequence number is compared with a numericalvalue n (initially set to “1”) stored in the memory unit N so as todetermine whether the play-sequence number is smaller than the numericalvalue n stored in the memory unit N (S10). If the comparison indicatesthat the play-sequence number is smaller than the numerical value nstored in the memory unit N, the scramble key Ks is supplied to thecontent-usage-control reception apparatus 5 (S11). Having received thescramble key Ks, the content-usage-control reception apparatus 5 usesthe content descramble unit 15 to decrypt the encrypted contents (S12).

[0096] If S10 finds that the play-sequence number is not smaller thanthe numerical value n stored in the memory unit N, a check is made as towhether the play-sequence number is equal to the numerical value n plus1 (S13). If it is not the case, the transmission of the scramble key Ksis terminated, with an error handling process being performed in thecontent-usage-control reception apparatus 5 (S14). This error handlingprocess is performed in response to the transmission of an error indexfrom the security module SM1 to the content-usage-control receptionapparatus 5 where the error index indicates a failure to decrypt theencrypted content.

[0097] If S13 finds that the play-sequence number is equal to thenumerical value n plus 1, the play-sequence number is stored in thememory unit N (S15). Then, the scramble key Ks is supplied to thecontent-usage-control reception apparatus 5 (S11). Having received thescramble key Ks, the content-usage-control reception apparatus 5 usesthe content descramble unit 15 to decrypt the encrypted contents (S12).

[0098] According to the operations described above, contents aredecrypted only when the play-sequence number contained in the encryptedassociated information are provided in a proper order. This makes itpossible to prevent the skipping of commercials incorporated into thecontents while allowing free rewinding and replaying of content sectionsthat have already been watched.

Operation 2 of Content-Usage-Control Reception Apparatus

[0099] With reference to FIG. 7, a description will be given of theoperation that is performed when the contents stored in the memory unit17 of the content-usage-control reception apparatus 5 are subjected towatching/listening control. The sequence chart of FIG. 7 is directed toa case in which contents are stored as files in the memory unit 17, andare played from the beginning thereof.

[0100] The demultiplexing unit 13 of the content-usage-control receptionapparatus 5 separates the encrypted content-key-associated information(including the content key Kc) from the multiplexed encrypted contents(S21). The encrypted content-key-associated information is then sent tothe security module SM1. Having received the encryptedcontent-key-associated information, the security module SM1 decrypts thecontent key Kc and the watching/listening control flag contained in theencrypted content-key-associated information (S22).

[0101] A check is made as to whether the decrypted watching/listeningcontrol flag is “on” or “off” (S23). If a check finds that the decryptedwatching/listening control flag is “off”, the encrypted associatedinformation separated from the multiplexed encrypted contents issupplied from the content-usage-control reception apparatus 5 to thesecurity module SM1 (S24). Having received the encrypted associatedinformation, the security module SM1 decrypts the encrypted scramble keyKs contained in the encrypted associated information (S25), and suppliesthe decrypted scramble key Ks to the content-usage-control receptionapparatus 5 (S26). Having received the scramble key Ks, thecontent-usage-control reception apparatus 5 uses the content descrambleunit 15 to decrypt the encrypted contents (S27).

[0102] If S23 finds that the decrypted watching/listening control flagis “on”, the encrypted associated information separated from themultiplexed encrypted contents is supplied from thecontent-usage-control reception apparatus 5 to the security module SM1(S28). Having received the encrypted associated information, thesecurity module SM1 decrypts the encrypted scramble key Ks and theplay-sequence number contained in the encrypted associated information(S29).

[0103] The decrypted play-sequence number is compared with a numericalvalue n (initially set to “1”) stored in the memory unit N so as todetermine whether these values are equal (S30). If the comparisonindicates that the play-sequence number is equal to the numerical valuen stored in the memory unit N, the scramble key Ks is supplied to thecontent-usage-control reception apparatus 5 (S31). Having received thescramble key Ks, the content-usage-control reception apparatus 5 usesthe content descramble unit 15 to decrypt the encrypted contents (S32).

[0104] If S30 finds that the play-sequence number is not equal to thenumerical value n stored in the memory unit N, a check is made as towhether the play-sequence number is smaller than the numerical value nor equal to the numerical value n plus 1 (S33). If the play-sequencenumber is neither smaller than the numerical value n nor equal to thenumerical value n plus 1, the transmission of the scramble key Ks isterminated, with an error handling process being performed in thecontent-usage-control reception apparatus 5 (S34). This error handlingprocess is performed in response to the transmission of an error indexfrom the security module SM1 to the content-usage-control receptionapparatus 5 where the error index indicates a failure to decrypt theencrypted content.

[0105] If S33 finds that the play-sequence number is smaller than thenumerical value n or equal to the numerical value n plus 1, theplay-sequence number is stored in the memory unit N (S35). Then, thescramble key Ks is supplied to the content-usage-control receptionapparatus 5 (S31). Having received the scramble key Ks, thecontent-usage-control reception apparatus 5 uses the content descrambleunit 15 to decrypt the encrypted contents (S32).

[0106] According to the operations described above, contents aredecrypted only when the play-sequence number contained in the encryptedassociated information are provided in a proper order. This makes itpossible to prevent the skipping of commercials incorporated into thecontents. Further, the operations described above includes the steps(S33, S34) at which the play-sequence number is stored in the memoryunit N even when the play-sequence number is smaller than the numericalvalue n stored in the memory unit N. This imposes watching/listeningrestriction according to the play-sequence number even when contentsections having already been watched are rewound for replay.

Operation 3 of Content-Usage-Control Reception Apparatus

[0107] With reference to FIG. 8, a description will be given of theoperation that is performed when the contents being received at thecontent-usage-control reception apparatus 5 are subjected towatching/listening control in real-time. This operation takes intoaccount the playing of contents in real-time as they are received andthe playing of contents stored in the memory unit 17. Provision is madeto allow a content being broadcast to be recorded (stored) from halfwaythrough, and to cope with situations in which part of the content is notrecorded or watched when watching the content while recording it.

[0108] The demultiplexing unit 13 of the content-usage-control receptionapparatus 5 separates the encrypted content-key-associated information(including the content key Kc) from the multiplexed encrypted contents(S41). The encrypted content-key-associated information is then sent tothe security module SM1. Having received the encryptedcontent-key-associated information, the security module SM1 decrypts thecontent key Kc and the watching/listening control flag contained in theencrypted content-key-associated information (S42).

[0109] A check is made as to whether the decrypted watching/listeningcontrol flag is “on” or “off” (S43). If a check finds that the decryptedwatching/listening control flag is “off”, the encrypted associatedinformation separated from the multiplexed encrypted contents issupplied from the content-usage-control reception apparatus 5 to thesecurity module SM1 (S44). Having received the encrypted associatedinformation, the security module SM1 decrypts the encrypted scramble keyKs contained in the encrypted associated information (S45), and suppliesthe decrypted scramble key Ks to the content-usage-control receptionapparatus 5 (S46). Having received the scramble key Ks, thecontent-usage-control reception apparatus 5 uses the content descrambleunit 15 to decrypt the encrypted contents (S47).

[0110] If S43 finds that the decrypted watching/listening control flagis “on”, the encrypted associated information separated from themultiplexed encrypted contents is supplied from thecontent-usage-control reception apparatus 5 to the security module SM1(S48). Having received the encrypted associated information, thesecurity module SM1 decrypts the encrypted scramble key Ks and theplay-sequence number contained in the encrypted associated information(S49).

[0111] The play-sequence number that is originally received is stored inthe memory unit N (S50). The decrypted play-sequence number is thencompared with a numerical value n (i.e., the originally received value)stored in the memory unit N so as to determine whether these values areequal (S51). If the comparison indicates that the play-sequence numberis equal to the numerical value n stored in the memory unit N, thescramble key Ks is supplied to the content-usage-control receptionapparatus 5 (S52). Having received the scramble key Ks, thecontent-usage-control reception apparatus 5 uses the content descrambleunit 15 to decrypt the encrypted contents (S53).

[0112] If S51 finds that the play-sequence number is not equal to thenumerical value n stored in the memory unit N, a check is made as towhether the play-sequence number is smaller than the numerical value nor equal to the numerical value n plus 1 (S54). If the play-sequencenumber is neither smaller than the numerical value n nor equal to thenumerical value n plus 1, the transmission of the scramble key Ks isterminated, with an error handling process being performed in thecontent-usage-control reception apparatus 5 (S55). This error handlingprocess is performed in response to the transmission of an error indexfrom the security module SM1 to the content-usage-control receptionapparatus 5 where the error index indicates a failure to decrypt theencrypted content.

[0113] If S54 finds that the play-sequence number is smaller than thenumerical value n or equal to the numerical value n plus 1, theplay-sequence number is stored in the memory unit N (S56). Then, thescramble key Ks is supplied to the content-usage-control receptionapparatus 5 (S52). Having received the scramble key Ks, thecontent-usage-control reception apparatus 5 uses the content descrambleunit 15 to decrypt the encrypted contents (S53).

[0114] According to the operations described above, an initial value setin the memory unit N is equal to the play-sequence number that isoriginally received with respect to a content to be descrambled. Thisallows a content to be watched from halfway through as it is beingreceived, or allows a content to be played even if the content isrecorded from halfway through, while imposing watching/listeningrestriction according to the play-sequence number.

Supplemental Explanation of Watching/Listening Control Flag

[0115] The above description has been provided with reference to a casein which the watching/listening control flag is one-bit usage-controlinformation. The number of bits of the watching/listening control flagmay be increased, thereby designating the flag of “0” to the switchingoff of watching/listening control, designating the flag of “1” to thecontrol according to the sequence chart of FIG. 7, and designating theflag of “2” to the control according to the sequence chart of FIG. 8.

[0116] Such an embodiment provides the following advantages.

[0117] The content-usage-control transmission apparatus 3 uses thescramble key Ks to encrypt contents by the content scramble unit 7 (7a). The encryption unit 7 b uses the content key Kc stored in the memoryunit 11 to encrypt associated information that includes at lest aplay-sequence number and the scramble key Ks. The encryption unit 7 cuses a work key Kw stored in the memory unit 11 to encryptcontent-key-associated information that includes at least awatching/listening flag and the content key Kc. Further, the encryptionunit 7 d employs a master key to encrypt work-key-associated informationthat includes at least the work key Kw. The multiplexing unit 9 thengenerates and transmits multiplexed encrypted contents.

[0118] In the content-usage-control reception apparatus 5, thedemultiplexing unit 13 receives the multiplexed encrypted contents fromthe content-usage-control transmission apparatus 3, and separates thereceived contents into the encrypted contents, the encrypted associatedinformation, the encrypted content-key-associated information, and theencrypted work-key-associated information. The decryption unit 15 adecrypts the encrypted work-key-associated information by use of themaster key Km to produce a work key Kw. The decryption unit 15 b thendecrypts the encrypted content key Kc and the encryptedwatching/listening control flag by use of the work key Kw to produce thecontent key Kc and the watching/listening control flag. According to thewatching/listening control flag, the decryption unit 15 c decrypts theencrypted scramble key Ks and the encrypted play-sequence number. Inaccordance with the play-sequence number, the decryption unit 15 d (thecontent descramble unit 15) decrypts the encrypted contents by use ofthe scramble key ks, thereby producing the contents.

[0119] In this manner, scramble keys Ks are grouped according to theplay-sequence number, which is included in the encrypted associatedinformation (scramble-key-associated information), and are used toencrypt and decrypt contents in the content-usage-control transmissionapparatus 3 and the content-usage-control reception apparatus 5,respectively. This makes it possible to prevent illegal use of contentseven when the receiver on the reception side is rigged, or ismanufactured with a specific design for illegal use. Further,broadcasting stations (broadcast providers) on the transmission sidedetermines the order in which contents are watched on the receptionside, thereby achieving content-usage control.

[0120] The use of the play-sequence number (play-sequence controlinformation) set by the broadcasting stations on the transmission sidemakes it possible for the transmission side to impose control as towhether to allow the skipping of some scenes or commercials. Further,broadcast providers relying on advertisement revenues from commercialsor the like can keep the advertisement revenues while providing newservices to viewers/listeners such as the random-access playing ofcontents, the search of contents by use of metadata, etc.

[0121] Further, the present invention is not limited to theseembodiments, but various variations and modifications may be madewithout departing from the scope of the present invention.

[0122] The processing by the content-usage-control transmissionapparatus 3 and the content-usage-control reception apparatus 5 may beimplemented by way of a content-transmission program and acontent-reception program, respectively, written in a program language.Such implementation provides the same advantages as do thecontent-usage-control transmission apparatus 3 and thecontent-usage-control reception apparatus 5. Further, such programs maybe recorded and distributed in recording media (e.g., flexible disks,CD-ROMs)

[0123] The present application is based on Japanese priority applicationNo. 2001-349539 filed on Nov. 15, 2001, with the Japanese Patent Office,the entire contents of which are hereby incorporated by reference.

Industrial Applicability

[0124] As is apparent from the description provided above, theindustrial applicability of the invention includes, and is not limitedto, the use of the invention in the transmission and reception ofcontents in digital broadcasts.

1. A method of transmitting a content to a reception side, comprisingthe steps of: a) encrypting the content by use of a scramble key thatvaries with time; b) encrypting scramble-key-associated information thatincludes at least the scramble key and usage-control information, saidusage-control information indicative of usage of the content on thereception side; and c) transmitting the encrypted content and theencrypted scramble-key-associated information to the reception side. 2.The method as claimed in claim 1, wherein said step c) includesmultiplexing the encrypted content and the encryptedscramble-key-associated information before transmission thereof.
 3. Themethod as claimed in claim 1, wherein said step b) utilizes a shared keyof a symmetric cryptography that is shared with the reception side. 4.The method as claimed in claim 1, wherein the usage-control informationincludes play-sequence information indicative of an order in whichsections of said content are played on the reception side.
 5. The methodas claimed in claim 4, wherein said step b) encrypts thescramble-key-associated information by use of a content key assigned tothe content on a content-specific basis, said method further comprisingthe steps of: encrypting, by use of a work key, content-key-associatedinformation that includes at least the content key andwatching/listening control information indicative of whetherwatching/listening control is to be imposed on the reception side; andencrypting, by use of a master key shared with the reception side,work-key-associated information that includes at least the work key,wherein said step c) multiplexes the encrypted content, the encryptedscramble-key-associated information, the encryptedcontent-key-associated information, and the encryptedwork-key-associated information, followed by transmission thereof to thereception side.
 6. A method of decrypting an encrypted content receivedfrom a transmission side, comprising the steps of: a) receiving theencrypted content and encrypted scramble-key-associated information fromthe transmission side, said encrypted content being encrypted by use ofa scramble key that varies with time; b) decrypting the encryptedscramble-key-associated information to obtain scramble-key-associatedinformation that includes the scramble key and usage-controlinformation; and c) decrypting the encrypted content by use of thescramble key if said usage-control information permits the decryption ofthe encrypted content.
 7. The method as claimed in claim 6, wherein saidstep b) utilizes a shared key of a symmetric cryptography that is sharedwith the transmission side.
 8. The method as claimed in claim 6, whereinthe usage-control information includes play-sequence informationindicative of an order in which sections of said content are played, andsaid c) does not decrypt a scene of the encrypted content if saidplay-sequence information indicates that playing of the scene of theencrypted content is out of turn.
 9. The method as claimed in claim 6,wherein said step a) further receives encrypted work-key-associatedinformation and encrypted content-key-associated information from thetransmission side, said method further comprising the steps of:decrypting, by use of a master key shared with the transmission side,the encrypted work-key-associated information to obtainwork-key-associated information that includes a work key; anddecrypting, by use of the work key, the encrypted content-key-associatedinformation to obtain content-key-associated information that includesat least a content key and watching/listening control information, saidcontent key being assigned to the content on a content-specific basis,wherein said step b) encrypts the scramble-key-associated information byuse of the content key, and wherein the usage-control informationincludes play-sequence information indicative of an order in whichsections of said content are played, and said c) does not decrypt ascene of the encrypted content if said play-sequence informationindicates that playing of the scene of the encrypted content is out ofturn and if said watching/listening control information indicates thatcontrol of watching/listening is imposed.
 10. The method as claimed inclaim 9, wherein said c) decrypts the scene of the encrypted content ifsaid watching/listening control information indicates that control ofwatching/listening is not imposed even in an event that saidplay-sequence information indicates that playing of the scene of theencrypted content is out of turn.
 11. An apparatus for transmitting acontent to a reception side, comprising: a content scramble unit whichencrypts the content by use of a scramble key that varies with time; afirst encryption unit which encrypts scramble-key-associated informationthat includes at least the scramble key and usage-control information,said usage-control information indicative of usage of the content on thereception side; and a transmission unit which transmits the encryptedcontent and the encrypted scramble-key-associated information to thereception side.
 12. The apparatus as claimed in claim 11, wherein saidtransmission unit multiplexes the encrypted content and the encryptedscramble-key-associated information before transmission thereof.
 13. Theapparatus as claimed in claim 11, wherein said first encryption unitutilizes a shared key of a symmetric cryptography that is shared withthe reception side.
 14. The apparatus as claimed in claim 11, whereinthe usage-control information includes play-sequence informationindicative of an order in which sections of said content are played onthe reception side.
 15. The apparatus as claimed in claim 14, whereinsaid first encryption unit encrypts the scramble-key-associatedinformation by use of a content key assigned to the content on acontent-specific basis, said apparatus further comprising: a secondencryption unit which encrypts, by use of a work key,content-key-associated information that includes at least the contentkey and watching/listening control information indicative of whetherwatching/listening control is to be imposed on the reception side; and athird encryption unit which encrypts, by use of a master key shared withthe reception side, work-key-associated information that includes atleast the work key, wherein said transmission unit multiplexes theencrypted content, the encrypted scramble-key-associated information,the encrypted content-key-associated information, and the encryptedwork-key-associated information, followed by transmission thereof to thereception side.
 16. An apparatus for decrypting an encrypted contentreceived from a transmission side, comprising: a receiving unit whichreceives the encrypted content and encrypted scramble-key-associatedinformation from the transmission side, said encrypted content beingencrypted by use of a scramble key that varies with time; a firstdecryption unit which decrypts the encrypted scramble-key-associatedinformation to obtain scramble-key-associated information that includesthe scramble key and usage-control information; and a content descrambleunit which decrypts the encrypted content by use of the scramble key ifsaid usage-control information permits the decryption of the encryptedcontent.
 17. The apparatus as claimed in claim 16, wherein said firstdecryption unit utilizes a shared key of a symmetric cryptography thatis shared with the transmission side.
 18. The apparatus as claimed inclaim 16, wherein the usage-control information includes play-sequenceinformation indicative of an order in which sections of said content areplayed, and said content descramble unit does not decrypt a scene of theencrypted content if said play-sequence information indicates thatplaying of the scene of the encrypted content is out of turn.
 19. Theapparatus as claimed in claim 16, wherein said receiving unit furtherreceives encrypted work-key-associated information and encryptedcontent-key-associated information from the transmission side, saidmethod further comprising: a second decryption unit which decrypts, byuse of a master key shared with the transmission side, the encryptedwork-key-associated information to obtain work-key-associatedinformation that includes a work key; and a third decryption unit whichdecrypts, by use of the work key, the encrypted content-key-associatedinformation to obtain content-key-associated information that includesat least a content key and watching/listening control information, saidcontent key being assigned to the content on a content-specific basis,wherein said first decryption unit decrypts the scramble-key-associatedinformation by use of the content key, and wherein the usage-controlinformation includes play-sequence information indicative of an order inwhich sections of said content are played, and said content descrambleunit does not decrypt a scene of the encrypted content if saidplay-sequence information indicates that playing of the scene of theencrypted content is out of turn and if said watching/listening controlinformation indicates that control of watching/listening is imposed. 20.The apparatus as claimed in claim 19, wherein said content descrambleunit decrypts the scene of the encrypted content if saidwatching/listening control information indicates that control ofwatching/listening is not imposed even in an event that saidplay-sequence information indicates that playing of the scene of theencrypted content is out of turn.
 21. The apparatus as claimed in claim16, wherein said first decryption unit is implemented as a detachablesection of said apparatus.
 22. The apparatus as claimed in claim 21,wherein said first decryption unit is an IC card.
 23. The apparatus asclaimed in claim 22, wherein said first decryption unit utilizes ashared key of a symmetric cryptography that is shared with thetransmission side, and that is stored in memory inside said IC card. 24.An apparatus for decrypting an encrypted content received from atransmission side, comprising: a receiving unit which receives theencrypted content and encrypted scramble-key-associated information fromthe transmission side, said encrypted content being encrypted by use ofa scramble key that varies with time, said encryptedscramble-key-associated information including the scramble key andusage-control information that are encrypted; a content descramble unitwhich decrypts the encrypted content by use of the scramble key if saidusage-control information permits the decryption of the encryptedcontent; and an interface unit which is configured to be connected to adecryption unit, which decrypts the encrypted scramble-key-associatedinformation to obtain the scramble key and usage-control information.25. The apparatus as claimed in claim 24, wherein said contentdescramble unit receives the scramble key from the decryption unit viasaid interface unit if said usage-control information permits thedecryption of the encrypted content.
 26. The apparatus as claimed inclaim 25, wherein said content descramble unit does not receive thescramble key from the decryption unit via said interface unit unlesssaid usage-control information permits the decryption of the encryptedcontent.
 27. The apparatus as claimed in claim 24, wherein theusage-control information includes play-sequence information indicativeof an order in which sections of said content are played, and saidcontent descramble unit does not decrypt a scene of the encryptedcontent if said play-sequence information indicates that playing of thescene of the encrypted content is out of turn.
 28. An apparatus fordecrypting a scramble key, which is configured to be connected to acontent receiver for receiving an encrypted content from a transmissionside and for decrypting the encrypted content by use of the scramblekey, said apparatus comprising: a decryption unit which receivesencrypted scramble-key-associated information from the content receiver,and decrypts the encrypted scramble-key-associated information to obtainscramble-key-associated information that includes the scramble key andusage-control information; and a transmission unit which transmits thescramble key to the content receiver only if said usage-controlinformation permits the decryption of the encrypted content.
 29. Theapparatus as claimed in claim 28, wherein said decryption unit utilizesa shared key of a symmetric cryptography that is shared with thetransmission side.
 30. The apparatus as claimed in claim 28, wherein thescramble key varies with time, and the usage-control informationincludes play-sequence information indicative of an order in whichsections of said content are played, and wherein said transmission unitdoes not transmits the scramble key to the content receiver if saidplay-sequence information indicates that playing of a correspondingscene of the encrypted content is out of turn.
 31. The apparatus asclaimed in claim 28, comprising an IC card.